8 Critical Identity Management Capabilities Every Modern CIAM Solution Must Have

As the digital ecosystem continues to evolve, so do security threats, regulations and customer expectations, making it difficult for businesses to keep up. This heavy burden overloads resources, causing control failures, poor visibility and compliance issues which ultimately impact the most important part of any business — the customers. 


In order to fulfill consumer expectations, any business needs to be able to properly manage its customers’ digital identities and account access. Today, when customers interact with businesses online, they expect the following: 


  • The business knows who they are 
  • Their personal information is secured by the organization
  • The business adheres to their selected privacy preferences such as sharing information with 3rd parties or using their information for promotional campaigns


If your business achieves this level of customer management, you can digitally transform across channels, achieve greater customer retention, higher lifetime value and build stronger brand reputation. Only services that can provide and maintain the best user experience, while being able to maintain high levels of security and privacy, will remain competitive within their markets.


Below I will cover in more detail the challenges of user management that organizations face today, the critical capabilities every user identity management system needs plus the latest technology in user identity management. 


The challenges of identity management today 


1. Scalability: Most traditional and in-house identity and access management (IAM) solutions were built to enable workforce scenarios, meaning they were designed to scale for 10K – 100K users. This is extremely limiting at consumer scale, which could span from a million to more than a billion users.


2. Extensible customer profiles: Many IAM solutions are not equipped to represent the same identity across multiple business lines. Traditional solutions don’t allow for dynamic customization of profile attributes. The system should be able to maintain personal information (e.g., age, gender, birthday, email, address, phone, etc.) and how that person engages with your business, like which applications they use and their subscription levels.


3. Identity siloes: Businesses have to deal with sparse data sources across disconnected business lines which cause identity duplications and the inability to create real relationships with customers. Due to fragmented customer profiles, businesses are unable to have a 360° view of the entire customer journey.


4. Account linking: The different authentication methods offered by a single service create a scenario where the same customer uses a different method, creating multiple, disconnected accounts for the same service. This leads to a broken user experience.


5. Passwords: For decades passwords have been mandatory in order to register for a service. Weak and easily forgotten passwords bring high levels of security risk, friction as well as operational costs.


6. Customer consent and preferences: It has become increasingly difficult for companies to manage customer consent and adhere to their chosen preferences given the banning of 3rd party cookies and ever-evolving compliance standards.


8 critical aspects to managing user identity across business lines 


While user management is an aspect hidden from the customer, it is usually the core of any CIAM solution and ultimately impacts the customer experience (CX) and security. In order to secure customer identities and meet business, regulatory and experience requirements, there are 8 critical capabilities needed to manage customer identities across all lines of business:


1. Centralized identity store 


In order to keep customer information secure, you need an identity management service with a centralized identity store. The identity store should be scalable, secure and privacy-oriented to ensure up-to-date user information at all times while treating any registered user in the business as a returning customer. A centralized identity store enables businesses to manage all of their customers from one repository.


2. Unified identity profiles 


Regardless of how customers decide to interact with your business, you want to be able to recognize them as the same user. In order to avoid account duplication, your user management service needs to auto-detect when the same user authenticates using a different method. The ideal service will automatically link the two accounts across channels, devices and providers.


3. Progressive profiling


Collecting crucial customer information is imperative for any business. However, customers shy away from filling out never-ending forms leaving information gaps. Any complete user management system will allow for the continuous enrichment of user profiling over time — a way to avoid long registration processes. Businesses are more likely to gather more information by presenting the collection of information in phases. 


On top of that, the user management system should allow for self-service profile management where customers can view, edit or even delete their own personal data at any time.


4. Consent management 


Customers expect organizations to adhere to their chosen preferences, so organizations need a user management system that allows admins to log and manage users’ cookie consents, legal consents and all communication preferences.


5. Robust session management


In some cases, organizations require different users to have varying levels of access to an app or part of an app for security reasons. In order to achieve this, organizations need to select an identity management system that allows for robust session management.

For example, if you see that a user logs in with a biometric, they may have full access or a longer session. But if they log in with a new device and authenticate with a password, you may restrict their access or the size of their transaction.


By managing user sessions businesses are able to: 


Prevent account misuse: Organizations can control the level of exposure for potential account misuse on long sessions.


Proactively logout risky accounts: Admins can pause sessions for risky users and require re-authentication. 


Enable self-service logout: Organizations can provide customers with the ability to safely log out from the service. 


Activate multi-resourced session management: Admins can determine different session lengths for both general and sensitive areas inside the same application. General pages like a homepage can run forever as it’s informative to the customer, whereas sensitive pages like a checking account can be set to a short-lived session.
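To make the session rules above concrete, here is an added example (not Transmit Security code) of a per-request policy check that combines authentication method, device familiarity and resource sensitivity. The trust levels, durations, transaction limits and all function and field names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed values: the article gives no concrete durations or limits.
SENSITIVE_MAX_AGE = {"high": 1800, "medium": 600, "low": 120}   # seconds
TRANSACTION_LIMIT = {"high": 10_000, "medium": 1_000, "low": 100}

@dataclass
class Session:
    user_id: str
    auth_method: str        # "biometric" or "password"
    known_device: bool
    issued_at: float        # epoch seconds of the last authentication
    revoked: bool = False   # set by an admin pause or a self-service logout

def trust_level(s: Session) -> str:
    """Map how the user authenticated to a trust level."""
    if s.auth_method == "biometric":
        return "high"
    if s.auth_method == "password" and s.known_device:
        return "medium"
    return "low"            # new device or unrecognized method

def authorize(s: Session, resource: str, now: float, amount: float = 0) -> str:
    """Return 'allow', 'reauthenticate' or 'deny' for one request."""
    if s.revoked:
        return "reauthenticate"          # paused or logged-out session
    if resource == "general":
        return "allow"                   # informational pages: no expiry
    if resource != "sensitive":
        return "deny"                    # unknown resource class: fail closed
    trust = trust_level(s)
    age = now - s.issued_at
    if age < 0 or age > SENSITIVE_MAX_AGE[trust]:
        return "reauthenticate"          # short-lived session for sensitive areas
    if amount > TRANSACTION_LIMIT[trust]:
        return "deny"                    # transaction too large for this trust level
    return "allow"

if __name__ == "__main__":
    # Constructed sample sessions, both authenticated at t=1000.
    bio = Session("u1", "biometric", True, issued_at=1000)
    pw_new = Session("u2", "password", False, issued_at=1000)
    print(authorize(bio, "sensitive", now=1900, amount=5000))
    print(authorize(pw_new, "sensitive", now=1060, amount=500))
    print(authorize(pw_new, "sensitive", now=1300))
    print(authorize(pw_new, "general", now=1_001_000))
```

Evaluating the policy on every request, rather than only at login, is what lets an admin pause or a logout take effect immediately.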


6. Intuitive admin portal


Organizations require a robust back-office system in order to efficiently manage identities, troubleshoot incidents in real-time and easily monitor and track all user-related activity. The ideal identity management system gives admins an intuitive experience where they can search for users, control their status, view their information and understand which app customers are using, what device they are using and recent activity. 


With a 360 degree view of the customer and their typical behavior patterns, you gain a clear picture of the trusted customer. Only then can you assess anomalies that may indicate fraudulent activity.


7. Flexible authorization

Role-based access control (RBAC) enables applications to distinguish the type of access a certain user has in their application based on the permissions associated with a specific role. Let’s take the example of a food ordering app: the service needs the ability to distinguish between the different roles needed for a customer, delivery staff or an admin.


8. Extensible identity store 


Any modern consumer app today is surrounded by a large ecosystem of business supporting apps. It could be a CRM system, a marketing system or a security focused solution. A user management service needs to enable a real-time sync across all these systems. This is crucial for the continuation of the business operations, the user and user risk related events. 


Modern CIAM across all business lines 


Transmit Security User Management and Authorization Services offer the perfect balance of security, flexibility and customization necessary in today’s dynamic and competitive market. Built by security experts with an exclusive focus on CIAM, we put your customer’s privacy and security first. 


As a cloud-native SaaS solution backed by our large team of researchers, the Transmit Security CIAM Platform is continuously updated with new capabilities to handle the latest security threats and privacy requirements. Developer-friendly APIs and SDKs make it easy to customize and personalize customer identity journeys across business line applications, devices and channels. With Transmit Security, you can offer your users modern authentication methods including passwordless authentication and social logins, making registration simpler.


Discover Transmit Security Authorization and User Management Services


  • Boris Kacevich, Senior Product Manager

    Boris is a former software engineer turned product manager who aims to simplify security and consumer identity management for developers. Prior to Transmit Security, he spent the last decade leading multiple cyber security products in the areas of application and cloud security at Checkmarx and Microsoft.